From: Greg Kroah-Hartman
Date: Sat, 24 Oct 2020 09:49:10 +0000 (+0200)
Subject: 4.9-stable patches
X-Git-Tag: v4.4.241~40
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=eba7e445b9a8340f0af2d8c7d87837f8bccf0b77;p=thirdparty%2Fkernel%2Fstable-queue.git
4.9-stable patches
added patches:
cifs-remove-bogus-debug-code.patch
kvm-x86-mmu-commit-zap-of-remaining-invalid-pages-when-recovering-lpages.patch
---
diff --git a/queue-4.9/cifs-remove-bogus-debug-code.patch b/queue-4.9/cifs-remove-bogus-debug-code.patch
new file mode 100644
index 00000000000..00c3828c45e
--- /dev/null
+++ b/queue-4.9/cifs-remove-bogus-debug-code.patch
@@ -0,0 +1,72 @@
+From d367cb960ce88914898cbfa43645c2e43ede9465 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter
+Date: Wed, 16 Sep 2020 23:18:21 +0300
+Subject: cifs: remove bogus debug code
+
+From: Dan Carpenter
+
+commit d367cb960ce88914898cbfa43645c2e43ede9465 upstream.
+
+The "end" pointer is either NULL or it points to the next byte to parse.
+If there isn't a next byte then dereferencing "end" is an off-by-one out
+of bounds error. And, of course, if it's NULL that leads to an Oops.
+Printing "*end" doesn't seem very useful so let's delete this code.
+
+Also for the last debug statement, I noticed that it should be printing
+"sequence_end" instead of "end" so fix that as well.
+
+Reported-by: Dominik Maier
+Signed-off-by: Dan Carpenter
+Signed-off-by: Steve French
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/cifs/asn1.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+--- a/fs/cifs/asn1.c
++++ b/fs/cifs/asn1.c
+@@ -541,8 +541,8 @@ decode_negTokenInit(unsigned char *secur
+ return 0;
+ } else if ((cls != ASN1_CTX) || (con != ASN1_CON)
+ || (tag != ASN1_EOC)) {
+- cifs_dbg(FYI, "cls = %d con = %d tag = %d end = %p (%d) exit 0\n",
+- cls, con, tag, end, *end);
++ cifs_dbg(FYI, "cls = %d con = %d tag = %d end = %p exit 0\n",
++ cls, con, tag, end);
+ return 0;
+ }
+
+@@ -552,8 +552,8 @@ decode_negTokenInit(unsigned char *secur
+ return 0;
+ } else if ((cls != ASN1_UNI) || (con != ASN1_CON)
+ || (tag != ASN1_SEQ)) {
+- cifs_dbg(FYI, "cls = %d con = %d tag = %d end = %p (%d) exit 1\n",
+- cls, con, tag, end, *end);
++ cifs_dbg(FYI, "cls = %d con = %d tag = %d end = %p exit 1\n",
++ cls, con, tag, end);
+ return 0;
+ }
+
+@@ -563,8 +563,8 @@ decode_negTokenInit(unsigned char *secur
+ return 0;
+ } else if ((cls != ASN1_CTX) || (con != ASN1_CON)
+ || (tag != ASN1_EOC)) {
+- cifs_dbg(FYI, "cls = %d con = %d tag = %d end = %p (%d) exit 0\n",
+- cls, con, tag, end, *end);
++ cifs_dbg(FYI, "cls = %d con = %d tag = %d end = %p exit 0\n",
++ cls, con, tag, end);
+ return 0;
+ }
+
+@@ -575,8 +575,8 @@ decode_negTokenInit(unsigned char *secur
+ return 0;
+ } else if ((cls != ASN1_UNI) || (con != ASN1_CON)
+ || (tag != ASN1_SEQ)) {
+- cifs_dbg(FYI, "cls = %d con = %d tag = %d end = %p (%d) exit 1\n",
+- cls, con, tag, end, *end);
++ cifs_dbg(FYI, "cls = %d con = %d tag = %d sequence_end = %p exit 1\n",
++ cls, con, tag, sequence_end);
+ return 0;
+ }
+
diff --git a/queue-4.9/kvm-x86-mmu-commit-zap-of-remaining-invalid-pages-when-recovering-lpages.patch b/queue-4.9/kvm-x86-mmu-commit-zap-of-remaining-invalid-pages-when-recovering-lpages.patch
new file mode 100644
index 00000000000..e5168ed429c
--- /dev/null
+++ b/queue-4.9/kvm-x86-mmu-commit-zap-of-remaining-invalid-pages-when-recovering-lpages.patch
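Review bot: The four rewritten `cifs_dbg(FYI, ...)` calls in queue-4.9/cifs-remove-bogus-debug-code.patch still format a kernel pointer with `%p` (`end` in the first three hunks, `sequence_end` in the last). On a 4.9 tree `%p` is, as far as I know, printed unhashed, so with FYI debugging enabled each rejected token would write a raw kernel address to the log. The pointer value adds little to the message, so consider dropping it, e.g. `cifs_dbg(FYI, "cls = %d con = %d tag = %d exit 0\n", cls, con, tag);`, or record that keeping the backport identical to upstream is intentional. The body of decode_negTokenInit starts and ends outside these hunks, so the remaining debug statements in it are not visible here.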
@@ -0,0 +1,39 @@
+From e89505698c9f70125651060547da4ff5046124fc Mon Sep 17 00:00:00 2001
+From: Sean Christopherson
+Date: Wed, 23 Sep 2020 11:37:28 -0700
+Subject: KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages
+
+From: Sean Christopherson
+
+commit e89505698c9f70125651060547da4ff5046124fc upstream.
+
+Call kvm_mmu_commit_zap_page() after exiting the "prepare zap" loop in
+kvm_recover_nx_lpages() to finish zapping pages in the unlikely event
+that the loop exited due to lpage_disallowed_mmu_pages being empty.
+Because the recovery thread drops mmu_lock() when rescheduling, it's
+possible that lpage_disallowed_mmu_pages could be emptied by a different
+thread without to_zap reaching zero despite to_zap being derived from
+the number of disallowed lpages.
+
+Fixes: 1aa9b9572b105 ("kvm: x86: mmu: Recovery of shattered NX large pages")
+Cc: Junaid Shahid
+Cc: stable@vger.kernel.org
+Signed-off-by: Sean Christopherson
+Message-Id: <20200923183735.584-2-sean.j.christopherson@intel.com>
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/kvm/mmu.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/arch/x86/kvm/mmu.c
++++ b/arch/x86/kvm/mmu.c
+@@ -5321,6 +5321,7 @@ static void kvm_recover_nx_lpages(struct
+ cond_resched_lock(&kvm->mmu_lock);
+ }
+ }
++ kvm_mmu_commit_zap_page(kvm, &invalid_list);
+
+ spin_unlock(&kvm->mmu_lock);
+ srcu_read_unlock(&kvm->srcu, rcu_idx);
diff --git a/queue-4.9/series b/queue-4.9/series
index 486b7739f8a..6e5c998acb9 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -8,3 +8,5 @@ net-hdlc_raw_eth-clear-the-iff_tx_skb_sharing-flag-after-calling-ether_setup.pat
 nfc-ensure-presence-of-nfc_attr_firmware_name-attribute-in-nfc_genl_fw_download.patch
 tcp-fix-to-update-snd_wl1-in-bulk-receiver-fast-path.patch
 icmp-randomize-the-global-rate-limiter.patch
+cifs-remove-bogus-debug-code.patch
+kvm-x86-mmu-commit-zap-of-remaining-invalid-pages-when-recovering-lpages.patch
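Review bot: The `kvm_mmu_commit_zap_page(kvm, &invalid_list);` call added after the loop in kvm_recover_nx_lpages (queue-4.9/kvm-x86-mmu-commit-zap-of-remaining-invalid-pages-when-recovering-lpages.patch) carries no comment, and the reason for it is recorded only in the commit message. Without that context the call reads as redundant next to the commit that presumably sits inside the loop, which makes it an easy target for a later cleanup. A one-line comment above it would keep the reasoning with the code, e.g. `/* Commit pages still on invalid_list if the loop broke out early on an empty lpage_disallowed_mmu_pages. */`. The loop body lies outside the hunk, so the in-loop commit path could not be checked here.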